Do you use or exploit WebSockets? Check out our new blog post to see how modern browsers may (or may not) be protecting you from Cross-Site WebSocket Hijacking!
blog.includesecurity.com/2025/04/cross-…
English
Include Security
209 posts
Include Security
@IncludeSecurity
Simply stated: Give us any kind of app and we'll hack it better than the rest. Our clients include awesome tech companies in Silicon Valley, NYC, and beyond.
Brooklyn and the world Bergabung Mayıs 2012
1 Mengikuti1.6K Pengikut
Today our team at IncludeSec is releasing a site to help with key collision concerns. We've known for a while that private keys should not be shared, use this site to ensure they are not! ismyprivatekeypublic.com
English
New research🤩 on old tech👴! Our team's latest blog post demonstrates many ways memory vulnerabilities can occur in your legacy Delphi code despite being described as a "memory safe" language by the NSA.
blog.includesecurity.com/2025/03/memory…
English
It's winter, so hacking space heater IoT devices to completely control their firmware seems like the thing to do! In our latest blog post, you'll see some of the things we do for our IoT/HW clients!!
blog.includesecurity.com/2025/02/replac…
English
Hey folks, for those who like the HTB community we've done a collab contribution of a challenge box (free, no subscription needed), give it a spin if you like to hack the hackers! 🪓 👩💻
hackthebox.com/machines/backf…
Hint: It's a tough box, check our github and our blog for info.
English
We're happy to sponsor great learning resources like @OpenSecTraining, the world is awash with a lot of bad training/certs, here's some courses that are solid and open/free!😀
OpenSecurityTraining2@OpenSecTraining
As the year comes to a close, we want to once again thank all of the individual and corporate donors who generously contributed to #OST2's nonprofit mission this year! You help ensure that OST2 will be around for years to come! ost2.fyi/Partnership.ht… Platinum Partners: @TrustedComputin ost2.fyi/Sponsorship.ht… Gold Sponsors & Windows Security Track sponsor Winsider Seminars & Solutions (@yarden_shafir & @aionescu) Gold Sponsors: @3mdeb_com @binarly_io @crowdfense @DarkMentorLLC @NCCGroupplc Bronze Sponsors: @cyber5w @IncludeSecurity And remember that the more Partners and Sponsors we get, the more instructors and classes we can support. So if your company sponsors conferences, you should ask them to sponsor OST2!
English
This Week in Security: Footguns, Bing Worms, and Gogs
hackaday.com/2024/11/22/thi…
English
New blog! Join us as we explore seemingly safe but deceptively tricky ground in Elixir, Python, and the Golang standard library. Well-documented behavior is not always what it appears!
blog.includesecurity.com/2024/11/spelun…
English
Who hacks the hackers? We do!
Our new research on vulns in multiple common C2 frameworks used by netpen and red teams. If you use any of these take a look and patch up.
blog.includesecurity.com
English
It's always great to work on open source security, even better when it helps users who need secure and private access online!
Open Technology Fund@OpenTechFund
.@OpenTechFund’s Security Lab partner @IncludeSecurity’s security audit of VPN Generator (software that lets anyone provide a VPN to a small group) revealed that the tool only had 4 “low-risk” issues, 3 of which have already been fixed. Learn more ow.ly/XPZI50S8P7S
English
@kevinriggle This is the summercon after party bar every year, we've sponsored @SummerC0n many years and the staff there loves the hacker crew!
English
@kevinriggle this particular punk bar has been the host of many summerc0n after parties and we've spent many thousands there on "networking", the staff loves summercon every year!
English
Fresh blog post for ya;
We introduce coverage-guided fuzzing as a concept to hunt down bugs faster via modification of the Fuzzilli fuzzer from Google Project Zero.
blog.includesecurity.com/2024/04/covera…
English
Include Security me-retweet
Check out this @BSidesNYC 0x03 interview by @cybersnacker with Erik Cabetas where he discusses how BSidesNYC is different from the other New York conferences, how he started @IncludeSecurity, and what it's like to consult for #hacker movies.
youtube.com/watch?v=ktk8px…
YouTube
English
We're glad everybody enjoyed our April fool's joke for 2024. See you can be serious about security but also have fun!
English
We released our new semgrep rules today. Given the recent news about executive orders from the Whitehouse, we thought it would be important to flag all of the code that doesn't meet federal standards.
Memory Safety is serious stuff today:
github.com/IncludeSecurit…
English
We're happy to support great open/free security training to get more folks into our industry. If you want to learn low-level RE/hacks/OS check out OST2! ost2.fyi/Home.html
OpenSecurityTraining2@OpenSecTraining
Thanks to @IncludeSecurity for Sponsoring #OST2 at the Bronze🥉 level! More about them here: blog.includesecurity.com
English
We're still seeing a lot of Ruby code out there in the tech world. If we see it we hack it! Latest blog post on advanced Ruby deserialization gadget chains for exploitation of application is up
blog.includesecurity.com/2024/03/discov…
English
It’s here folks, here’s an actually deeper dive into the topic of LLM prompt injection; Much more complete than all the fluff you see out there on the topic today. If you like under-the-hood AI context, this one is for you.
blog.includesecurity.com/2024/02/improv…
English